Ransomware attacks can cripple a business, leading to a rather sad trend in the industry.British companies are hoarding Bitcoin in order to pay off ransomware attacks capable of disrupting critical systems.
A ransomware attack occurs once every 40 seconds. In Q1 2017, six out of every 10 malware payloads delivered to victims contained ransomware, which has the capability to lock PCs, encrypt drives and files, and then demand a ransom — usually in cryptocurrency such as Bitcoin (BTC) — before unlocking and returning system functionality to users.
Paying up is always a risk as there is no guarantee that the malware will decrypt files as promised.
However, it seems in the wake of attacks like WannaCry which crippled UK National Health Service (NHS) systems back in May, businesses are giving in to ransom demands.
Rather than risk the same fate, lose customer trust and face a battered reputation, many companies are taking matters into their own hands — by stockpiling Bitcoin.
Speaking to The Telegraph, Paul Taylor, former Ministry of Defence cyber chief said that “companies are definitely stockpiling Bitcoin in order to be prepared to pay ransoms.”
The executive added that employees are being made to prepare digital wallets to hold cryptocurrency and keep an eye on the price of cryptocurrency to brace against potential price drops — and buy at the right times.
In recent weeks, the price of Bitcoin has surged, perhaps beyond levels most ever imagined. At the time of writing, Bitcoin is worth $18,852 (£14,121).
According to Taylor, stashing Bitcoin is a way for businesses to “keep a hack under wraps.”
For some, it is easier to pay off a hacker than confess to a lapse in security which may have resulted in stolen customer data (to the detriment of Uber).
In the UK, serious data breaches should be reported to law enforcement and the Information Commissioner’s Office (ICO) — especially if the Data Protection Act, which requires “appropriate technical and organisational measures [to] be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data,” is broken.
However, for many, paying off a hacker might seem a simpler alternative than going through audits, the scrutiny of regulators, a loss of reputation at the public exposure of a breach, and potential fines.
Naturally, few companies are likely to admit these practices, but paying up only makes the problem worse and encourages these lucrative criminal schemes.
According to software company Citrix, large British firms are willing to pay out an average of £136,235.44 to regain access to business-critical data and systems, and companies stockpile an average of 23 bitcoins each in preparation for potential ransomware attacks.